From shared services to open-source tools, vulnerabilities may be exploited to create impactful systematic risks. Attacks that inject malicious code into the supply chain are a very real concern.
Third party risk management is a priority, as threat actors have added tools, codes, and frameworks to their attack playbooks. The Log4J vulnerability is an example of how a single impacted open-source tool affected more than 100 million web servers globally, and was exploited as a means of attack at the same time.
Watch also for potential spillover effects from destructive software masquerading as ransomware. Though the primary goal of criminal malware is to monetize, global conflict heightens the risk that malware that has been deployed for geopolitical purposes may spill over and cause destruction instead.
Finally, organizations who use industrial systems must take steps to protect operational technology, as well as IT infrastructure. Threat actors are looking for and targeting these systems, especially in the supply chain, where stopping one vendor can hugely impact the global economy.
We expect more regulatory oversight and enforcement activity directed at the ransomware ecosystem. Government organizations are attacking the issue on a number of fronts – targeting exchanges used for crypto payments, taking a more aggressive approach to sanctions, and pursuing criminal prosecution of ransomware threat groups.Frank QuinnClient Experience Manager